diff mbox series

net/pcap: fix possible crash on exit for infinite Rx

Message ID	20201009161649.1365261-1-ferruh.yigit@intel.com (mailing list archive)
State	Accepted, archived
Delegated to:	Ferruh Yigit
Headers	IronPort-SDR: BCXOyRajsLsEMlF79VeorkEq1Uw8QIUubp55PDKRGbBycAhz19pRwk2s7arqEeCqkudMAK62oz Qfb/9f2ooizQ== IronPort-SDR: o7s2so1eNrX2BHvwWRHVQWWLOfzy83h7qNMpZJl9YhOjJKMoKwILvc8+YVJrTBKciec/lER1Qp s/bQRNVQsZ2w== From: Ferruh Yigit <ferruh.yigit@intel.com> To: Ferruh Yigit <ferruh.yigit@intel.com>, Cian Ferriter <cian.ferriter@intel.com> Cc: dev@dpdk.org, stable@dpdk.org, rchibois@gmail.com Date: Fri, 9 Oct 2020 17:16:49 +0100 Message-Id: <20201009161649.1365261-1-ferruh.yigit@intel.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Subject: [dpdk-dev] [PATCH] net/pcap: fix possible crash on exit for infinite Rx Precedence: list Errors-To: dev-bounces@dpdk.org Sender: "dev" <dev-bounces@dpdk.org>
Series	net/pcap: fix possible crash on exit for infinite Rx \| net/pcap: fix possible crash on exit for infinite Rx

Checks

Context	Check	Description
ci/checkpatch	success	coding style OK
ci/iol-broadcom-Performance	success	Performance Testing PASS
ci/iol-broadcom-Functional	success	Functional Testing PASS
ci/iol-testing	success	Testing PASS
ci/iol-intel-Performance	success	Performance Testing PASS
ci/travis-robot	success	Travis build: passed
ci/iol-mellanox-Performance	success	Performance Testing PASS
ci/Intel-compilation	success	Compilation OK

Commit Message

Ferruh Yigit Oct. 9, 2020, 4:16 p.m. UTC

  If the infinite Rx argument ('infinite_rx') is provided a ring is
allocated and filled in the '.rx_queue_setup' dev_ops.
Later this ring freed in the '.dev_close' dev_ops.

If the 'infinite_rx' provided and '.dev_close' called before
'.rx_queue_setup', the ring will be NULL and trying to empty/free it
will cause a crash.

This is fixed by adding ring NULL check before trying to empty/free it.

Bugzilla ID: 548
Fixes: a3f5252e5cbd ("net/pcap: enable infinitely Rx a pcap file")
Cc: stable@dpdk.org

Signed-off-by: Ferruh Yigit <ferruh.yigit@intel.com>
---
Cc: rchibois@gmail.com
Cc: cian.ferriter@intel.com
---
 drivers/net/pcap/rte_eth_pcap.c | 7 +++++++
 1 file changed, 7 insertions(+)

Comments

Ferruh Yigit Oct. 12, 2020, 5:08 p.m. UTC | #1

On 10/9/2020 5:16 PM, Ferruh Yigit wrote:
> If the infinite Rx argument ('infinite_rx') is provided a ring is
> allocated and filled in the '.rx_queue_setup' dev_ops.
> Later this ring freed in the '.dev_close' dev_ops.
> 
> If the 'infinite_rx' provided and '.dev_close' called before
> '.rx_queue_setup', the ring will be NULL and trying to empty/free it
> will cause a crash.
> 
> This is fixed by adding ring NULL check before trying to empty/free it.
> 
> Bugzilla ID: 548
> Fixes: a3f5252e5cbd ("net/pcap: enable infinitely Rx a pcap file")
> Cc: stable@dpdk.org
> 
> Signed-off-by: Ferruh Yigit <ferruh.yigit@intel.com>

Applied to dpdk-next-net/main, thanks.

diff mbox series

Patch

diff --git a/drivers/net/pcap/rte_eth_pcap.c b/drivers/net/pcap/rte_eth_pcap.c
index 057aa9dbfc..49764c0ee6 100644
--- a/drivers/net/pcap/rte_eth_pcap.c
+++ b/drivers/net/pcap/rte_eth_pcap.c
@@ -748,6 +748,13 @@  eth_dev_close(struct rte_eth_dev *dev)
 			struct pcap_rx_queue *pcap_q = &internals->rx_queue[i];
 			struct rte_mbuf *pcap_buf;
 
+			/*
+			 * 'pcap_q->pkts' can be NULL if 'eth_dev_close()'
+			 * called before 'eth_rx_queue_setup()' has been called
+			 */
+			if (pcap_q->pkts == NULL)
+				continue;
+
 			while (!rte_ring_dequeue(pcap_q->pkts,
 					(void **)&pcap_buf))
 				rte_pktmbuf_free(pcap_buf);